Linux_User
I haven't seen my friends in so long
Joined: Tue May 05, 2009 3:29 pm Posts: 7173
|
Hey folks, one of my neighbours got visited recently by the Police 'cos their connection had been used to do some highly illegal stuff. So I decided to beef up our wireless security. Here's what I did:
- Changed encryption from WPA to WPA2[PSK]
- Set up an access control list of specific MAC addresses
- Disabled SSID broadcast
- Set new decent & different passwords for the wireless access key and the administrator interface.
The problem is that my iPod Touch refuses to reconnect to the network if it locks the screen and the network is not broadcasting an SSID - I have to set up the connection manually again. Is there a way to fix this or am I going to have to re-enable SSID broadcast?
|
Sun Apr 04, 2010 6:24 pm |
|
 |
Nick
Spends far too much time on here
Joined: Thu Apr 23, 2009 11:36 pm Posts: 3527 Location: Portsmouth
|
Hiding the SSID doesn't increase security, so it doesn't matter if you have to re-enable it. There is no advantage to having it hidden.
One other thing you could do for better security is reduce the transmit power as far as you can without disturbing your network.
|
Sun Apr 04, 2010 7:03 pm |
|
 |
Linux_User
I haven't seen my friends in so long
Joined: Tue May 05, 2009 3:29 pm Posts: 7173
|
I couldn't see an option to do that, but I'll have another look, thanks.
|
Sun Apr 04, 2010 7:46 pm |
|
 |
JJW009
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:58 pm Posts: 8767 Location: behind the sofa
|
It actually reduces security by increasing the chatter with active clients thus making the WPA2 encryption easier to crack.
_________________
jonbwfc's law: "In any forum thread someone will, no matter what the subject, mention Firefly." When you're feeling too silly for x404, youRwired.net
|
Mon Apr 05, 2010 1:02 am |
|
 |
Linux_User
I haven't seen my friends in so long
Joined: Tue May 05, 2009 3:29 pm Posts: 7173
|
Fair enough, I'll just re-enable SSID broadcast then. 
|
Mon Apr 05, 2010 1:37 am |
|
 |
nvj1662
Occasionally has a life
Joined: Tue May 05, 2009 6:15 pm Posts: 175
|
Because you mention neighbours, I assume you are speaking of a domestic network? If so, then consider switching the wireless off when not in use and keeping a log. The MAC address is broadcast in ARP traffic so it is possible to sniff both the SSID and the MAC address from a legitimate session.
|
Wed Apr 07, 2010 12:10 pm |
|
 |
okenobi
Spends far too much time on here
Joined: Thu Apr 23, 2009 6:59 pm Posts: 4932 Location: Sestriere, Piemonte, Italia
|
Ooh, ooh, ooh!! Was just gonna start a new thread on a related topic. Mind if I jack?
Just setting up a Linksys AP at work which will be for the exclusive use of my guests. It's on a separate ADSL line and is not connected to any of my hardware. Do I need anything better than WEP? We wouldn't get many passing leeches as we're in the middle of nowhere, but obviously I want some security and I may yet charge a small amount to my captive audience.
In the setup it talks about WPA2 etc. but I'm used to a proper network with wires, so I don't have a clue about this wireless nonsense. It's offering me WEP (64 or 128bit), WPA Personal, WPA2 Personal, WPA Mixed. I've had a look around Wiki, but still haven't figured out the difference. Any ideas.....?
|
Wed Apr 07, 2010 3:39 pm |
|
 |
nvj1662
Occasionally has a life
Joined: Tue May 05, 2009 6:15 pm Posts: 175
|
WEP is almost useless against anyone but casual passers-by as tools are readily available that will crack it in minutes (sometimes less). You will cause yourself the trouble of configuring it and the hassle of ensuring that your users have it configured, ruling it out of any troubleshooting etc, etc. If you do not consider your installation to be a target, don't bother. If you're concerned, use WPA2. I don't know what Linksys model you have but have a butch here: http://www.linksysbycisco.com/?search_keyword=WPA+Mixed&x=0&y=0&pagename=LBC%2FCommon%2FDynamicWrapper&site=UK&ppath=search&c=Page&lang=en
|
Thu Apr 08, 2010 11:50 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
There is only one level of security that should be used, WPA2. WEP is harder to configure and is less secure. It should only ever be used if you have a legacy device which can't be upgraded and you cannot live without it being in your network - although you might as well save yourself the hassle and run an unencrypted network in that case.
WEP can be cracked in a couple of minutes, WPA in a couple of hours. WPA2 is currently unhacked and only susceptible to a dictionary attack - you should always use a key of at least 21 characters.
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Sat Apr 17, 2010 8:39 am |
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
I have heard WEP can be cracked in under 30 seconds. Though as you have said it will be enough to keep out the casual attempt. I would recommend a randomly generated password, so that dictionary attacks are impossible and brute force attacks much harder.
_________________
Do concentrate, 007... "You are gifted. Mine is bordering on seven seconds."
https://www.dropbox.com/referrals/NTg5MzczNTk
http://astore.amazon.co.uk/wwwx404couk-21
|
Thu Sep 09, 2010 8:43 am |
|
 |
forquare1
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:36 pm Posts: 5150 Location: /dev/tty0
|
I've had a setup identical to yours (less the MAC address filtering) and my iPod Touch worked fine...
|
Thu Sep 09, 2010 10:47 am |
|
 |
rustybucket
I haven't seen my friends in so long
Joined: Thu Jun 18, 2009 5:10 pm Posts: 5836
|
My router won't connect any wireless client until you hold down a button on the back of the router.
It can be a PITA sometimes but I wouldn't want to be without it.
_________________
Jim
|
Thu Sep 09, 2010 12:23 pm |
|
 |
Nick
Spends far too much time on here
Joined: Thu Apr 23, 2009 11:36 pm Posts: 3527 Location: Portsmouth
|
Do you mean connect for the first time, or connect full stop?
If you mean every time then I really couldn't be doing with it, but if it's only for the initial connection then that sounds like a really good feature.
|
Thu Sep 09, 2010 5:42 pm |
|
|